gluon-mesh-vpn-tunneldigger: drop package (#3109)

The Gluon Tunneldigger protocol handler hasn't received the care and
attention a core package, especially a VPN protocol, should.

Due to the works in #2102 it's no longer required to maintain
VPN handlers in the Gluon Core and they can be instead included via a
package feed.

Users who wish to continue using a supported core Gluon package are
encouraged to take a look at fastd in conjunction with it's null@l2tp method.
It offers roughly the same performance (it's using the same principle
of operation) and supports connections via IPv6 as a bonus.

In general it should be possible to change the VPN used protocol
asynchronously with a normal update.

If Gluon users wish to continue using tunneldigger the recomendation
is to participate in the development of tunneldigger inside our
community-packages.

.github/labeler.yml

@@ -47,8 +47,6 @@
   - package/gluon-status-page/**
 "3. topic: tests":
   - tests/**
-"3. topic: tunneldigger":
-  - package/gluon-mesh-vpn-tunneldigger/**
 "3. topic: wireguard":
   - package/gluon-mesh-vpn-wireguard/**
 "3. topic: wireless":

docs/dev/packages.rst

@@ -196,7 +196,7 @@ Example::
       'gluon-config-mode-outdoor',
     })
 
-    when(_'web-wizard' and (_'mesh-vpn-fastd' or _'mesh-vpn-tunneldigger'), {
+    when(_'web-wizard' and _'mesh-vpn-fastd' or _'mesh-vpn-wireguard'), {
       'gluon-config-mode-mesh-vpn',
     })
 
@@ -211,5 +211,5 @@ This will
   corresponding feature flags are evaluated as selected in the image-customization.lua file
 * enable four additional config mode packages when the *web-wizard* feature is enabled
 * enable *gluon-config-mode-mesh-vpn* when both *web-wizard* and one
-  of *mesh-vpn-fastd* and *mesh-vpn-tunneldigger* are enabled
+  of *mesh-vpn-fastd* and *mesh-vpn-wireguard* are enabled
 * disable the *gluon-radvd* package when *gluon-no-radvd* is enabled

docs/features/multidomain.rst

@@ -206,7 +206,6 @@ domain.conf only variables
   - wifi*.mesh.id
   - mesh_vpn.fastd.groups.*.peers.remotes
   - mesh_vpn.fastd.groups.*.peers.key
-  - mesh_vpn.tunneldigger.brokers
 
 - Clients consider WiFi networks sharing the same ESSID as if they were
   the same L2 network and try to reconfirm and reuse previous

docs/features/vpn.rst

@@ -7,7 +7,7 @@ allow connections between local meshes through the internet.
 Protocol handlers
 ^^^^^^^^^^^^^^^^^
 
-There are currently three protocol handlers which can be selected
+There are currently two protocol handlers which can be selected
 as a feature:
 
 mesh-vpn-fastd
@@ -24,15 +24,6 @@ work around the context-switching bottleneck, but it comes
 at the cost of losing the ability to protect tunnel connections
 against eavesdropping or manipulation.
 
-mesh-vpn-tunneldigger
-"""""""""""""""""""""
-
-Tunneldigger always uses L2TPv3, generally achieving the same
-performance as fastd with the ``null@l2tp`` method, but offering
-no security.
-Tunneldigger's primary drawback is the lack of IPv6 support.
-It also provides less configurability than fastd.
-
 mesh-vpn-wireguard
 """"""""""""""""""
 

docs/user/mtu.rst

@@ -84,19 +84,19 @@ VPN Protocol Overhead (IPv4)
 
 Overhead of the VPN protocol layers in bytes on top of an Ethernet frame.
 
-+----------+-------+--------------+-----------+
-|          | fastd | Tunneldigger | WireGuard |
-+==========+=======+==============+===========+
-| IPv4     | 20    | 20           | 20        |
-+----------+-------+--------------+-----------+
-| UDP      | 8     | 8            | 8         |
-+----------+-------+--------------+-----------+
-| Protocol | 24    | 8            | 32        |
-+----------+-------+--------------+-----------+
-| TAP      | 14    | 14           | /         |
-+----------+-------+--------------+-----------+
-| Sum      | 66    | 50           | 60        |
-+----------+-------+--------------+-----------+
++----------+-------+-----------+
+|          | fastd | WireGuard |
++==========+=======+===========+
+| IPv4     | 20    | 20        |
++----------+-------+-----------+
+| UDP      | 8     | 8         |
++----------+-------+-----------+
+| Protocol | 24    | 32        |
++----------+-------+-----------+
+| TAP      | 14    | /         |
++----------+-------+-----------+
+| Sum      | 66    | 60        |
++----------+-------+-----------+
 
 Intermediate Layer Overhead
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -104,21 +104,21 @@ Intermediate Layer Overhead
 Overhead of additional layers on top of the VPN packet needed for different VPN
 providers.
 
-+------------+-------+--------------+-----------+
-|            | fastd | Tunneldigger | WireGuard |
-+============+=======+==============+===========+
-| IPv6       | /     | /            | 40        |
-+------------+-------+--------------+-----------+
-| vxlan      | /     | /            | 16        |
-+------------+-------+--------------+-----------+
-| Ethernet   | /     | /            | 14        |
-+------------+-------+--------------+-----------+
-| Batman v15 | 18    | 18           | 18        |
-+------------+-------+--------------+-----------+
-| Ethernet   | 14    | 14           | 14        |
-+------------+-------+--------------+-----------+
-| Sum        | 32    | 32           | 102       |
-+------------+-------+--------------+-----------+
++------------+-------+-----------+
+|            | fastd | WireGuard |
++============+=======+===========+
+| IPv6       | /     | 40        |
++------------+-------+-----------+
+| vxlan      | /     | 16        |
++------------+-------+-----------+
+| Ethernet   | /     | 14        |
++------------+-------+-----------+
+| Batman v15 | 18    | 18        |
++------------+-------+-----------+
+| Ethernet   | 14    | 14        |
++------------+-------+-----------+
+| Sum        | 32    | 102       |
++------------+-------+-----------+
 
 Minimum MTU
 ^^^^^^^^^^^
@@ -128,7 +128,7 @@ avoid fragmentation.
 
 Suggestions:
 
-- This configuration is only suggested for fastd and Tunneldigger.
+- This configuration is only suggested for fastd.
 
 - For WireGuard, this configuration is **unsuitable**. To obtain a 1280 byte
   payload with our protocol stack (see below), the Ethernet frame payload would
@@ -136,21 +136,21 @@ Suggestions:
   a (worst case) MTU of only 1436 (with DSLite), this packet would be too long
   for the WAN network.
 
-+-------------------------------+-------+--------------+-----------+
-|                               | fastd | Tunneldigger | WireGuard |
-+===============================+=======+==============+===========+
-| max unfragmented payload\*    | 1280  | 1280         | 1280      |
-+-------------------------------+-------+--------------+-----------+
-| intermediate layer overhead   | 32    | 32           | 102       |
-+-------------------------------+-------+--------------+-----------+
-| VPN MTU\*\*                   | 1312  | 1312         | 1382      |
-+-------------------------------+-------+--------------+-----------+
-| protocol overhead (IPv4)      | 66    | 50           | 60        |
-+-------------------------------+-------+--------------+-----------+
-| min acceptable WAN MTU (IPv4) | 1378  | 1362         | **1442**  |
-+-------------------------------+-------+--------------+-----------+
-| min acceptable WAN MTU (IPv6) | 1398  | 1382         | 1462      |
-+-------------------------------+-------+--------------+-----------+
++-------------------------------+-------+-----------+
+|                               | fastd | WireGuard |
++===============================+=======+===========+
+| max unfragmented payload\*    | 1280  | 1280      |
++-------------------------------+-------+-----------+
+| intermediate layer overhead   | 32    | 102       |
++-------------------------------+-------+-----------+
+| VPN MTU\*\*                   | 1312  | 1382      |
++-------------------------------+-------+-----------+
+| protocol overhead (IPv4)      | 66    | 60        |
++-------------------------------+-------+-----------+
+| min acceptable WAN MTU (IPv4) | 1378  | **1442**  |
++-------------------------------+-------+-----------+
+| min acceptable WAN MTU (IPv6) | 1398  | 1462      |
++-------------------------------+-------+-----------+
 
 \* Maximum size of payload going into the bat0 interface, that will not be
 fragmented by batman.
@@ -164,26 +164,26 @@ Calculation of different derived MTUs based on a maximum WAN MTU of 1436.
 
 Suggestions:
 
-- This configuration can be used for fastd and Tunneldigger.
+- This configuration can be used for fastd.
 
 - For WireGuard, this is the recommended configuration. batman-adv will
   fragment larger packets transparently to avoid packet loss.
 
-+-------------------------------+-------+--------------+-----------+
-|                               | fastd | Tunneldigger | WireGuard |
-+===============================+=======+==============+===========+
-| min acceptable WAN MTU (IPv4) | 1436  | 1436         | 1436      |
-+-------------------------------+-------+--------------+-----------+
-| protocol overhead (IPv4)      | 66    | 50           | 60        |
-+-------------------------------+-------+--------------+-----------+
-| VPN MTU\*\*                   | 1370  | 1386         | 1376      |
-+-------------------------------+-------+--------------+-----------+
-| intermediate layer overhead   | 32    | 32           | 102       |
-+-------------------------------+-------+--------------+-----------+
-| max unfragmented payload\*    | 1338  | 1354         | 1274      |
-+-------------------------------+-------+--------------+-----------+
-| min acceptable WAN MTU (IPv6) | 1398  | 1382         | 1462      |
-+-------------------------------+-------+--------------+-----------+
++-------------------------------+-------+-----------+
+|                               | fastd | WireGuard |
++===============================+=======+===========+
+| min acceptable WAN MTU (IPv4) | 1436  | 1436      |
++-------------------------------+-------+-----------+
+| protocol overhead (IPv4)      | 66    | 60        |
++-------------------------------+-------+-----------+
+| VPN MTU\*\*                   | 1370  | 1376      |
++-------------------------------+-------+-----------+
+| intermediate layer overhead   | 32    | 102       |
++-------------------------------+-------+-----------+
+| max unfragmented payload\*    | 1338  | 1274      |
++-------------------------------+-------+-----------+
+| min acceptable WAN MTU (IPv6) | 1398  | 1462      |
++-------------------------------+-------+-----------+
 
 \* Maximum size of payload going into the bat0 interface, that will not be
 fragmented by batman.
@@ -219,5 +219,5 @@ Conclusion
 
 Determining the maximum MTU can be a tedious process, especially since the PMTU
 of peers could change at any time. The general recommendation for maximized
-compatibility is therefore an MTU of 1312 bytes (for fastd and tunneldigger)
-and 1376 bytes (for WireGuard).
+compatibility is therefore an MTU of 1312 bytes for fastd
+and 1376 bytes for WireGuard.

docs/user/site.rst

@@ -320,13 +320,6 @@ mesh_vpn
   to the peer list, removal and modification of peers can be prevented by
   setting the *preserve* option of a peer to ``1`` in UCI.
 
-  The `tunneldigger` section is used to define the *tunneldigger* broker list.
-
-  **Note:** It doesn't make sense to include both `fastd` and `tunneldigger`
-  sections in the same configuration file, as only one of the packages *gluon-mesh-vpn-fastd*
-  and *gluon-mesh-vpn-tunneldigger* should be installed with the current
-  implementation.
-
   **Note:** It may be interesting to include the package *gluon-iptables-clamp-mss-to-pmtu*
   in the build when using *gluon-mesh-babel* to work around ICMP black holes on the internet.
 
@@ -386,11 +379,6 @@ mesh_vpn
         },
       },
 
-      tunneldigger = {
-        mtu = 1312,
-        brokers = {'vpn1.alpha-centauri.freifunk.net'},
-      },
-
       wireguard = {
         mtu = 1376,
         peers = {
@@ -682,7 +670,7 @@ package:
 
   Includes the *gluon-config-mode-...* base packages (hostname, geolocation and contact info),
   as well as the *gluon-config-mode-autoupdater* (when *autoupdater* is an enabled feature),
-  and *gluon-config-mode-mesh-vpn* (when *mesh-vpn-fastd* or *mesh-vpn-tunneldigger* are
+  and *gluon-config-mode-mesh-vpn* (when *mesh-vpn-fastd* or `mesh-vpn-wireguard` are
   enabled features)
 
 * web-advanced

package/features

@@ -19,7 +19,6 @@ when(_'web-wizard' and _'autoupdater', {
 when(_'web-wizard' and (
 	_'mesh-vpn-fastd' or
 	_'mesh-vpn-fastd-l2tp' or
-	_'mesh-vpn-tunneldigger' or
 	_'mesh-vpn-wireguard'
 ), {
 	'gluon-config-mode-mesh-vpn',

package/gluon-mesh-vpn-core/luasrc/lib/gluon/mesh-vpn/update-config

@@ -15,11 +15,6 @@ if vpn_name ~= 'fastd' then
 	uci:save('fastd')
 end
 
-if vpn_name ~= 'tunneldigger' then
-	uci:set('tunneldigger', 'mesh_vpn', 'enabled', false)
-	uci:save('tunneldigger')
-end
-
 vpn.enable(vpn_config.enabled)
 if vpn_config.limit_enabled then
 	vpn.set_limit(vpn_config.limit_ingress, vpn_config.limit_egress)

package/gluon-mesh-vpn-tunneldigger/Makefile

-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=gluon-mesh-vpn-tunneldigger
-
-include ../gluon.mk
-
-define Package/gluon-mesh-vpn-tunneldigger
-  TITLE:=Support for connecting meshes via tunneldigger/L2TPv3 pseudowire
-  DEPENDS:=+gluon-core +gluon-mesh-vpn-core +tunneldigger +simple-tc
-endef
-
-$(eval $(call BuildPackageGluon,gluon-mesh-vpn-tunneldigger))

package/gluon-mesh-vpn-tunneldigger/check_site.lua

-need_string_array(in_domain({'mesh_vpn', 'tunneldigger', 'brokers'}))
-need_number({'mesh_vpn', 'tunneldigger', 'mtu'})

package/gluon-mesh-vpn-tunneldigger/files/lib/gluon/reload.d/310-tunneldigger-stop

-#!/bin/sh
-/etc/init.d/tunneldigger stop

package/gluon-mesh-vpn-tunneldigger/files/lib/gluon/reload.d/790-tunneldigger-start

-#!/bin/sh
-/etc/init.d/tunneldigger start

package/gluon-mesh-vpn-tunneldigger/files/usr/lib/micron.d/tunneldigger-watchdog

-*/5 * * * * /usr/bin/tunneldigger-watchdog

package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger

-#!/usr/bin/lua
-
-local site = require 'gluon.site'
-local util = require 'gluon.util'
-local vpn_core = require 'gluon.mesh-vpn'
-
-local uci = require('simple-uci').cursor()
-
-
-uci:section('tunneldigger', 'broker', 'mesh_vpn', {
-	uuid = util.node_id(),
-	interface = vpn_core.get_interface(),
-	bind_interface = 'br-wan',
-	group = 'gluon-mesh-vpn',
-	broker_selection = 'usage',
-	address = site.mesh_vpn.tunneldigger.brokers(),
-})
-
-uci:save('tunneldigger')

package/gluon-mesh-vpn-tunneldigger/luasrc/usr/bin/tunneldigger-watchdog

-#!/usr/bin/lua
-
-local uci = require('simple-uci').cursor()
-
-local function restart_tunneldigger()
-	os.execute('logger -t tunneldigger-watchdog "Restarting Tunneldigger."')
-	os.execute('/etc/init.d/tunneldigger restart')
-end
-
-local function has_mesh_vpn_neighbours()
-	local handle = io.popen('batctl o', 'r')
-	if not handle then
-		return false
-	end
-	for line in handle:lines() do
-		if line:find('mesh%-vpn') then
-			handle:close()
-			return true
-		end
-	end
-	handle:close()
-	return false
-end
-
-if uci:get_bool('tunneldigger', 'mesh_vpn', 'enabled') then
-	if not has_mesh_vpn_neighbours() then
-		os.execute('logger -t tunneldigger-watchdog "No vpn-mesh neighbours found."')
-		restart_tunneldigger()
-		return
-	end
-end

package/gluon-mesh-vpn-tunneldigger/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/tunneldigger.lua

-local uci = require('simple-uci').cursor()
-
-local site = require 'gluon.site'
-local vpn_core = require 'gluon.mesh-vpn'
-
-local M = {}
-
-function M.public_key()
-	return nil
-end
-
-function M.enable(val)
-	uci:set('tunneldigger', 'mesh_vpn', 'enabled', val)
-	uci:save('tunneldigger')
-end
-
-function M.active()
-	return site.mesh_vpn.tunneldigger() ~= nil
-end
-
-function M.set_limit(ingress_limit, egress_limit)
-	if ingress_limit ~= nil then
-		uci:set('tunneldigger', 'mesh_vpn', 'limit_bw_down', ingress_limit)
-	else
-		uci:delete('tunneldigger', 'mesh_vpn', 'limit_bw_down')
-	end
-
-	if egress_limit ~= nil then
-		uci:section('simple-tc', 'interface', 'mesh_vpn', {
-			ifname = vpn_core.get_interface(),
-			enabled = true,
-			limit_egress = egress_limit,
-		})
-	else
-		uci:delete('simple-tc', 'mesh_vpn')
-	end
-
-	uci:save('tunneldigger')
-	uci:save('simple-tc')
-end
-
-function M.mtu()
-	return site.mesh_vpn.tunneldigger.mtu()
-end
-
-return M